Network Management & NAT questions


I have a few questions to ask. I would appreciate it if someone could clarify my doubts.

1) If I have 2 networks, A and B, whereby I manage Network A and another vendor manages Network B. Both are using Cisco products. Is there a way for me to know if Network B is using an access-list to drop my packets, taking into consideration that the vendor for Network B is not co-operative?

2) Which device is better for doing NAT, a router or a firewall, and why is it so?

3) On a Cat 6509, can I manage the switch configuration from the routing module without telnetting? Are there other ways?


Re: Network Management & NAT questions

1) You can try to trace route the packets and see where they drop. If they drop at network B's border router then it is likely they are using ACLs. It is also possible that they removed your network from their routing table.

2) This one is a loaded question because everyone has personal preferences on what they prefer. But I find that your NAT application determines the hardware you use. For instance, if you were using NAT to jump to another network inside your infrastructure you might want to use a router (or RP inside a switch). If you were using NAT to hit the Internet then you might use a PIX or some other firewall. NAT is a pretty simple function so there really isn't a way to say which one is better; both a router and firewall accomplish the same thing with only a little configuration. However, my own personal opinion is that NAT on a PIX is easier to manage.

3) You can use SNMP or RMON to manage config settings or gather data from the switch (or applications like CiscoWorks). Other than that I think you are pretty much stuck with telnetting to the switch itself. On my last check, there was no way to access the switch from the RP without telnetting (unlike the session 15 command from the 6509 to the RP).

Hope this helps...
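
An added example, not part of the thread: the traceroute check from the reply above, turned into a small classifier that separates an explicit filter response from a routing failure or a silent drop. It assumes Linux `traceroute` text output (plus the Cisco IOS `!A` marker); the function names and the sample traces are constructed for illustration.

```python
import re

# Unreachable annotations: Linux traceroute prints !X, Cisco IOS prints !A for
# "administratively prohibited" (ICMP type 3 code 13), which a router sends
# when a filter such as an ACL denies the probe. !N / !H mean no route.
ANNOTATIONS = {"!X": "acl", "!A": "acl", "!N": "no-route", "!H": "no-route"}
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_hops(output):
    """Return [(ttl, responder_ip_or_None, {flags})] for each hop line."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        rest = m.group(2)
        ip = IP_RE.search(rest)
        flags = {ANNOTATIONS[t] for t in rest.split() if t in ANNOTATIONS}
        hops.append((int(m.group(1)), ip.group(0) if ip else None, flags))
    return hops

def classify(output, destination):
    """Classify a trace by its last responding hop."""
    answered = [h for h in parse_hops(output) if h[1]]
    if not answered:
        return ("no-response", None)
    _, ip, flags = answered[-1]
    if "acl" in flags:
        return ("filtered-explicit", ip)   # the router told us it filtered
    if "no-route" in flags:
        return ("no-route", ip)            # routing, not filtering
    if ip == destination:
        return ("reached", ip)
    # Ambiguous: a filter with unreachables suppressed, or a missing return route.
    return ("silent-drop-after", ip)

# Constructed sample traces (documentation address ranges).
DEST = "198.51.100.10"
TRACE_ACL = """traceroute to 198.51.100.10 (198.51.100.10), 30 hops max
 1  192.0.2.1  0.6 ms  0.5 ms  0.5 ms
 2  203.0.113.1  4.1 ms !X  4.0 ms !X  4.2 ms !X"""
TRACE_SILENT = """traceroute to 198.51.100.10 (198.51.100.10), 30 hops max
 1  192.0.2.1  0.6 ms  0.5 ms  0.5 ms
 2  203.0.113.1  4.1 ms  4.0 ms  4.2 ms
 3  * * *
 4  * * *"""

if __name__ == "__main__":
    print(classify(TRACE_ACL, DEST), classify(TRACE_SILENT, DEST))
```

Only the `filtered-explicit` result is direct evidence of a filter; `silent-drop-after` fits both explanations given in the reply (an ACL or a removed route), so it only narrows down which hop to ask about.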

Re: Network Management & NAT questions

There is a way to use out of band to access the RP on the 6509. If you have a console connection to the Supervisor on the Cat6509 through a terminal server, you could use 'switch console' on the Supervisor to switch to a console connection on the RP. Works fine. If I remember correctly, hitting Ctrl-C three times will break you out of the RP and take you back to the supervisor.

